I'm getting a new computer for my daughter. She's a spyware/malware writer's dream. She'll open any attachment, sends and receives IMs all day, surfs dangerously...

I'm in the process of attempting to isolate this machine from the rest of the network, but that's another thread. Here I'd like to hear suggestions for keeping her box in the condition I give it to her in. I know about freeze apps, but at the same time, she does research and needs to save documents. I know that if she learns to turn off freeze, she'll never turn it on again.

I need a simple, no intervention solution. I don't want to have to educate her or involve her in any of this software. I've got personal reasons for this.
Even installing a pristine FD-ISR Primary SnapShot and allowing her to work in Secondary SnapShot, is too much trouble, since I will be the one who has to revert to Primary.

Probably something along the lines of Deep Freeze and Anti-Executable (to handle portable/etc. application installs and launches), both from Faronics, with save locations on a thawed partition dedicated to transient data only. Or something along those lines configured using OS groups and policies since they'll typically exist on a centrally administered domain. Updates could be an issue.

If you use DeepFreeze, disable the automatic update of each software including Windows.
Once a month you do this:
1. Blindfold your daughter.
2. Boot in thawed mode with YOUR password.
3. Perform all updates of Windows and Applications.
4. Boot in frozen mode.
5. Unblindfold your daughter.

Hi, screamer; If your daughter is able to turn a light switch on and off, then she has the IQ sufficient to use DeepFreeze standard version. It has only three options with password protection option. She may receive AV auto updates in frozen mode, but do not worry, that update will reappear in next thawed mode. DF has x days trial, why not give it a spin?

I just sent an e-mail to Faronics w/ my situation, we'll see if they have a solution. I did a search and it seems DF has a scheduled thaw mode for up-dates: AV & Windows, now all I need to know is about her being able to save her "legitimate" docs somewhere.

Since many computers have only one hard disk, DeepFreeze must have an option to exclude the folder "My Documents" for instance, otherwise you can't do anything with your computer, if you can't store files or downloaded files.

If DeepFreeze doesn't have that option, you must create a data partition to store files.

First you create a virtual partition big enough for her data. Then in RVS you set the protection mode on. This way it will always boot in with protection on. Anything bad she gets will be gone on reboot. Second you select mount VP with windows start so the virtual partition will always be there. Fourth you make sure the protection in safe mode is on. Finally you set a good password.

Now when she works with her legit programs she can save the data in the Virtual Partition. It will always be there and she can work on it from there. But if she surfs and picks up crap it will be gone. Even if she puts something infected in the VP, it can't do damage from there. Finally if she's clever and tries safe mode, protection is still on. Finally if she tries to uninstall she can't because protection mode is on. Tried it and it won't let you. So her only solution is to be able to open the GUI, and she needs the password for that.

Tested it and it works.

Pete

Oops, you mentioned updating AV. Couple of thoughts. 1) Install and register Sandboxie. Force all the browsers. This means she will be working in the sandbox. To not use the sandbox will require the extra step. (Basis is kids are lazy.) True, she can change Sandboxie settings (again takes work) and they will go away when she reboots, so that will discourage her. With both programs, I'd almost consider skipping the AV. 2) Go with the AV, and have it check for updates on system start. Yes, it will have to do larger updates with time, as they will go away with reboots, but it would work. Then when she's home you bring the system current, and then lock it up again.

A few things. With Returnil this would work as long as you didn't come across the intermittent problem I have had where it loses its serial number, and no passwords work. Last time that happened I had to go into safe mode and uninstall, but in the scenario you describe that may not be an option.

Also, with a virus program update there is likely to be a reboot, which would put her in a loop, although with Avast! you could turn off the program update side of it and just allow update of definitions.

screamer,
I disabled all my automatic updates, because I also use Anti-Executable.
Automatic updates can occur at any moment of the day and Anti-Executable is always ON with HIGH security.
When an automatic download starts, AE acts immediately when an executable is changed during the download and the upgraded software gets corrupted.
I had it two times in practice and that's why I do updates manually, when AE = OFF.
AE is very good, but very irritating too.

Remember this is for a young lady of college age. So it has to be hands off. No way on AE. It's very effective, but it is a pain in the arse.

That's a lot to digest right now. In essence, if she downloads research w/ Sandboxie on, will she be able to save it somewhere?

Reason for AV is not so much D/Ling an infected app as it is an infection from IM. So I really need AV on this box.

...screamer

@Erik,

Good thought about another partition.

With Sandboxie you could recover anything you need into the ReturnIL partition. Also you could force the IM program into the sandbox. Even so if an infection came from an IM, it would still be gone after reboot.

I'd say limited account + Returnil configured as per Peter2150's post or Deep Freeze with a data partition to save documents. Make Firefox her default browser and add Adblock Plus.

Yeah, I'd have to agree. It seems to be the least hands on solution. I'm also going to assign it a Static IP so I can block this box from the rest of the network, but allow Internet access. I think w/ this set-up and K-9 web protection, I should be on my way.

BTW: can I create a partition on C: Drive if there's already data written to it?
The box she's getting is my wife's. I'm keeping the new one.

To answer the BTW.

If currently there is only one partition on the drive you would have to first shrink it. Here's how I'd do it with Acronis Disk Director.

1. Defrag
2. Using Disk Director, shrink the partition. It would move the data if it had to.
3. Create partition.

But if you use Returnil's virtual partition you don't have to do all that. Just create it when you install. If it isn't mounted it is just a file on your C: drive. When mounted it becomes drive Z: